mare1

Member
  • Content count

    2
  • Joined

  • Last visited


  1. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-08-2013
     Ran by SYSTEM at 2013-08-21 13:09:22 Run:2
     Running from F:\
     Boot Mode: Recovery
     ==============================================

     Content of fixlist:
     *****************
     HKU\Dator\...\Run: [ilubqyowon] - C:\Users\Dator\AppData\Roaming\Imfo\ygceh.exe [x]
     HKU\Dator\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe [ 2013-08-20] (Valve Corporation) <===== ATTENTION
     HKU\Dator\...\RunOnce: [shockwave Updater] - C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://spel.spelo.se...1&dpl=1&nobtn=1" [x]
     HKU\Dator\...\Winlogon: [shell] cmd.exe [ 2008-01-18] (Microsoft Corporation) <==== ATTENTION
     HKU\Dator\...\Command Processor: "C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe" <===== ATTENTION!
     2013-08-20 02:39 - 2013-08-20 02:39 - 01038995 _____ C:\Users\Dator\AppData\Roaming\2433f433
     2013-08-20 02:39 - 2013-08-20 02:39 - 01038976 _____ C:\ProgramData\2433f433
     2013-08-20 02:39 - 2013-08-20 02:39 - 01038961 _____ C:\Users\Dator\Local Settings\Application Data\2433f433
     2013-08-20 02:39 - 2013-08-20 02:39 - 01038961 _____ C:\Users\Dator\AppData\Local\2433f433
     C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe
     C:\ProgramData\dsgsdgdsgdsgw.pad
     C:\Users\Dator\AppData\Roaming\Imfo
     *****************

     HKU\Dator\Software\Microsoft\Windows\CurrentVersion\Run\\Ilubqyowon => Value deleted successfully.
     HKU\Dator\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
     HKU\Dator\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater => Value deleted successfully.
     HKU\Dator\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
     HKU\Dator\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
     C:\Users\Dator\AppData\Roaming\2433f433 => Moved successfully.
     C:\ProgramData\2433f433 => Moved successfully.
     C:\Users\Dator\Local Settings\Application Data\2433f433 => Moved successfully.
     "C:\Users\Dator\AppData\Local\2433f433" => File/Directory not found.
     C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe => Moved successfully.
     C:\ProgramData\dsgsdgdsgdsgw.pad => Moved successfully.
     C:\Users\Dator\AppData\Roaming\Imfo => Moved successfully.

     The virus remains....
  2. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-08-2013 Ran by SYSTEM on 21-08-2013 10:37:26 Running from F:\ Windows Vista Home Premium (X86) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [217088 2007-12-21] (Alps Electric Co., Ltd.) HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation) HKLM\...\Run: [QlbCtrl] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2007-09-27] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [uCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-09-13] (CyberLink Corp.) HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation) HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-10-03] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.) 
HKLM\...\Run: [Net iD] - C:\Program Files\Net iD\iid.exe [99640 2010-02-01] (SecMaker AB) HKLM\...\Run: [ConnecteSupport] - C:\Program Files\Tific\Tific Client G1\ConnecteSupport.exe [2308608 2011-03-29] (Tific) HKLM\...\Run: [Family Tree Builder Update] - C:\MyHeritage\Bin\FTBCheckUpdates.exe [229376 2011-12-21] (MyHeritage) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation) HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [295072 2012-12-27] (RealNetworks, Inc.) HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-15] (Samsung Electronics Co., Ltd.) HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe HKU\Dator\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2012-03-08] (Microsoft Corporation) HKU\Dator\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Dator\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2012-07-13] (Skype Technologies S.A.) 
HKU\Dator\...\Run: [GameXN GO] - C:\ProgramData\GameXN\GameXNGO.exe [ 2012-03-18] (EasyBits Software AS) HKU\Dator\...\Run: [ilubqyowon] - C:\Users\Dator\AppData\Roaming\Imfo\ygceh.exe [x] HKU\Dator\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [ 2013-07-15] (Samsung) HKU\Dator\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup [x] HKU\Dator\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2013-07-15] (Samsung) HKU\Dator\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-18] (Microsoft Corporation) HKU\Dator\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe [ 2013-08-20] (Valve Corporation) <===== ATTENTION HKU\Dator\...\RunOnce: [shockwave Updater] - C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://spel.spelo.se/699bbd6eba34f4b3728a65c02cb87c31/game.php?file=687474703a2f2f7370656c2e7370656c6f2e73652f36393962626436656261333466346233373238613635633032636238376333312f313634342e646372&width=100%&height=100%&spelo=1&cr=1&dpl=1&nobtn=1" [x] HKU\Dator\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe [ 2013-05-14] (Adobe Systems Incorporated) HKU\Dator\...\Winlogon: [shell] cmd.exe [ 2008-01-18] (Microsoft Corporation) <==== ATTENTION HKU\Dator\...\Command Processor: "C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe" <===== ATTENTION! 
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation) HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation) Startup: C:\Users\Dator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ========================== Services (Whitelisted) ================= S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) S2 CTATSvc; C:\Program Files\Telia\Connect\ATService.exe [582976 2011-06-27] (Telia) S2 CTConnect; C:\Program Files\Telia\Connect\Connect.exe [1899840 2011-06-27] (Columbitech) S2 gupdate1ca0f5a6f8847e0; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-07-28] (Google Inc.) S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) S2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2152152 2011-10-29] (Lavasoft Limited) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation) S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-13] () S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] () S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] () S2 sprtsvc_teliada; C:\Program Files\Telia\Supportassistenten\bin\sprtsvc.exe [206120 2010-05-10] (SupportSoft, Inc.) 
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-13] (Sony Corporation) S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [382320 2008-10-16] (SupportSoft, Inc.) S2 tgsrvc_teliada; C:\Program Files\Telia\Supportassistenten\bin\tgsrvc.exe [185640 2010-05-10] (SupportSoft, Inc.) S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x] ==================== Drivers (Whitelisted) ==================== S0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation) S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [176640 2007-10-11] (Conexant Systems Inc.) S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-08-18] () S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-08-18] (Lavasoft AB) S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation) S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [9728 2007-01-15] (Microsoft Corporation) S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1810992 2009-03-26] () S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] () S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S1 eabfiltr; S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 SymIM; system32\DRIVERS\SymIM.sys [x] S3 SymIMMP; system32\DRIVERS\SymIM.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-20 02:39 - 2013-08-20 02:39 - 01038995 _____ C:\Users\Dator\AppData\Roaming\2433f433 2013-08-20 02:39 - 2013-08-20 02:39 - 01038976 _____ C:\ProgramData\2433f433 2013-08-20 02:39 - 2013-08-20 02:39 - 01038961 _____ C:\Users\Dator\Local Settings\Application Data\2433f433 2013-08-20 02:39 - 2013-08-20 02:39 - 01038961 _____ 
C:\Users\Dator\AppData\Local\2433f433 2013-08-18 03:24 - 2013-08-18 03:24 - 00016091 _____ C:\Users\Dator\Desktop\hs_err_pid6952.log 2013-08-17 22:00 - 2013-08-17 22:00 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{CEEB70B2-5597-42A4-A0CF-BCF9CAA4160F} 2013-08-17 22:00 - 2013-08-17 22:00 - 00000000 ____D C:\Users\Dator\AppData\Local\{CEEB70B2-5597-42A4-A0CF-BCF9CAA4160F} 2013-08-17 05:01 - 2013-08-17 05:02 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{E409EE84-B070-4599-823B-CE07743C08EB} 2013-08-17 05:01 - 2013-08-17 05:02 - 00000000 ____D C:\Users\Dator\AppData\Local\{E409EE84-B070-4599-823B-CE07743C08EB} 2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{797D8E19-CB93-4080-A9B4-4F2FB541AAF3} 2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\Users\Dator\AppData\Local\{797D8E19-CB93-4080-A9B4-4F2FB541AAF3} 2013-08-15 17:57 - 2013-08-15 17:57 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{0427F92F-CFF5-4E7B-8D1E-B3728F4AE33B} 2013-08-15 17:57 - 2013-08-15 17:57 - 00000000 ____D C:\Users\Dator\AppData\Local\{0427F92F-CFF5-4E7B-8D1E-B3728F4AE33B} 2013-08-15 17:10 - 2013-07-24 18:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-08-15 17:10 - 2013-07-24 18:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-08-15 17:10 - 2013-07-24 18:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-08-15 17:10 - 2013-07-24 18:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-08-15 17:10 - 2013-07-24 18:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-08-15 17:10 - 2013-07-24 18:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-08-15 17:10 - 2013-07-24 18:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll 2013-08-15 17:10 - 2013-07-24 18:24 - 00065536 _____ (Microsoft 
Corporation) C:\Windows\System32\jsproxy.dll 2013-08-15 17:10 - 2013-07-24 18:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-08-15 17:10 - 2013-07-24 18:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-08-15 17:10 - 2013-07-24 18:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-08-15 17:10 - 2013-07-24 18:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-08-15 17:10 - 2013-07-24 18:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-08-15 17:10 - 2013-07-24 18:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-08-15 17:10 - 2013-07-24 18:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-08-15 17:10 - 2013-07-24 18:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-08-14 17:48 - 2013-08-14 17:48 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{71BC6B42-C840-464F-A1DD-FB7FBB648D6B} 2013-08-14 17:48 - 2013-08-14 17:48 - 00000000 ____D C:\Users\Dator\AppData\Local\{71BC6B42-C840-464F-A1DD-FB7FBB648D6B} 2013-08-14 17:16 - 2013-08-14 17:21 - 00000000 ____D C:\Windows\System32\MRT 2013-08-13 23:04 - 2013-07-17 11:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll 2013-08-13 23:04 - 2013-07-10 01:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll 2013-08-13 23:04 - 2013-07-04 19:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-08-13 23:04 - 2013-07-04 17:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys 2013-08-13 23:04 - 2013-06-15 05:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\icaapi.dll 2013-08-13 23:04 - 2013-06-15 03:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys 2013-08-13 23:03 - 2013-07-09 04:10 - 01205168 _____ (Microsoft 
Corporation) C:\Windows\System32\ntdll.dll 2013-08-13 23:03 - 2013-07-07 20:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-08-13 23:03 - 2013-07-07 20:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-08-13 23:03 - 2013-07-07 20:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll 2013-08-13 23:03 - 2013-07-07 20:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-08-13 23:03 - 2013-07-07 20:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-08-13 23:03 - 2013-07-07 20:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-08-05 01:33 - 2013-08-05 01:33 - 00000000 ____T C:\Users\Dator\Documents\10.0.0.2 2013-08-04 21:40 - 2013-08-04 21:40 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{31B6C25D-C2DC-4F87-83A7-30B6B30E67C5} 2013-08-04 21:40 - 2013-08-04 21:40 - 00000000 ____D C:\Users\Dator\AppData\Local\{31B6C25D-C2DC-4F87-83A7-30B6B30E67C5} 2013-08-04 05:57 - 2013-08-04 05:57 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{B6442200-398E-438E-9F6C-C8E760FE8265} 2013-08-04 05:57 - 2013-08-04 05:57 - 00000000 ____D C:\Users\Dator\AppData\Local\{B6442200-398E-438E-9F6C-C8E760FE8265} 2013-07-31 23:05 - 2013-07-31 23:05 - 00000000 ____D C:\Users\Public\Documents\CrashDump 2013-07-31 23:05 - 2013-07-31 23:05 - 00000000 ____D C:\ProgramData\Documents\CrashDump 2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log 2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\Samsung 2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\Users\Dator\AppData\Local\Samsung 2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\ProgramData\Documents\NativeFus_Log 2013-07-31 22:56 - 2013-07-31 22:56 - 00001783 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk 2013-07-31 22:56 - 2013-07-31 
22:56 - 00001783 _____ C:\ProgramData\Desktop\Samsung Kies (Lite).lnk 2013-07-31 22:56 - 2013-07-31 22:56 - 00001773 _____ C:\Users\Public\Desktop\Samsung Kies.lnk 2013-07-31 22:56 - 2013-07-31 22:56 - 00001773 _____ C:\ProgramData\Desktop\Samsung Kies.lnk 2013-07-31 22:56 - 2013-07-31 22:56 - 00000000 ____D C:\Users\Dator\Documents\samsung 2013-07-31 22:51 - 2013-06-20 16:07 - 00153672 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadmdm.sys 2013-07-31 22:51 - 2013-06-20 16:07 - 00136904 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadbus.sys 2013-07-31 22:51 - 2013-06-20 16:07 - 00017864 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadmdfl.sys 2013-07-31 22:51 - 2013-06-20 16:07 - 00015560 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadcmnt.sys 2013-07-31 22:51 - 2013-06-20 16:07 - 00015560 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadcm.sys 2013-07-31 22:51 - 2013-06-20 16:07 - 00015304 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadwhnt.sys 2013-07-31 22:51 - 2013-06-20 16:07 - 00015304 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadwh.sys 2013-07-31 22:48 - 2013-07-31 22:48 - 00000000 ____D C:\Program Files\MyFree Codec 2013-07-31 22:34 - 2013-06-14 09:57 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\System32\Redemption.dll 2013-07-31 22:34 - 2013-06-14 09:56 - 00821824 _____ (Devguru Co., Ltd.) 
C:\Windows\System32\dgderapi.dll 2013-07-31 22:34 - 2013-06-14 09:56 - 00020032 _____ (Devguru Co., Ltd) C:\Windows\System32\Drivers\dgderdrv.sys 2013-07-31 22:29 - 2013-07-31 22:49 - 00000000 ____D C:\ProgramData\Samsung 2013-07-31 21:54 - 2013-07-31 21:54 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{FA69375D-8775-41B6-AE2C-712AE8A9CF81} 2013-07-31 21:54 - 2013-07-31 21:54 - 00000000 ____D C:\Users\Dator\AppData\Local\{FA69375D-8775-41B6-AE2C-712AE8A9CF81} 2013-07-28 00:14 - 2013-07-28 00:14 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{4B06ED7B-0BA6-4491-A8EC-7D712817CDB4} 2013-07-28 00:14 - 2013-07-28 00:14 - 00000000 ____D C:\Users\Dator\AppData\Local\{4B06ED7B-0BA6-4491-A8EC-7D712817CDB4} 2013-07-27 03:40 - 2013-07-27 03:40 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{5209729A-E0B2-4240-9A23-E6A52B97AC9A} 2013-07-27 03:40 - 2013-07-27 03:40 - 00000000 ____D C:\Users\Dator\AppData\Local\{5209729A-E0B2-4240-9A23-E6A52B97AC9A} ==================== One Month Modified Files and Folders ======= 2013-08-21 10:33 - 2013-08-21 10:33 - 00000000 ____D C:\FRST 2013-08-20 23:56 - 2006-11-02 04:47 - 00003296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-20 23:56 - 2006-11-02 04:47 - 00003296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-20 23:54 - 2006-11-02 04:47 - 00327776 _____ C:\Windows\System32\FNTCACHE.DAT 2013-08-20 23:52 - 2008-04-15 20:01 - 01381120 _____ C:\Windows\WindowsUpdate.log 2013-08-20 23:31 - 2011-09-21 03:42 - 00000064 _____ C:\Windows\System32\rp_stats.dat 2013-08-20 23:31 - 2011-09-21 03:42 - 00000044 _____ C:\Windows\System32\rp_rules.dat 2013-08-20 02:39 - 2013-08-20 02:39 - 01038995 _____ C:\Users\Dator\AppData\Roaming\2433f433 2013-08-20 02:39 - 2013-08-20 02:39 - 01038976 _____ C:\ProgramData\2433f433 2013-08-20 02:39 - 2013-08-20 02:39 - 01038961 _____ 
C:\Users\Dator\Local Settings\Application Data\2433f433 2013-08-20 02:39 - 2013-08-20 02:39 - 01038961 _____ C:\Users\Dator\AppData\Local\2433f433 2013-08-20 02:36 - 2011-11-23 10:21 - 00000000 ____D C:\ProgramData\GameXN 2013-08-20 01:38 - 2012-05-08 01:13 - 00000423 _____ C:\Users\Dator\Desktop\Xerox Portal.website 2013-08-19 22:58 - 2011-05-29 07:53 - 00000000 ____D C:\Users\Dator\AppData\Roaming\go 2013-08-19 22:58 - 2008-06-15 03:40 - 00000000 ____D C:\Users\Dator\AppData\Roaming\Skype 2013-08-18 03:24 - 2013-08-18 03:24 - 00016091 _____ C:\Users\Dator\Desktop\hs_err_pid6952.log 2013-08-17 22:00 - 2013-08-17 22:00 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{CEEB70B2-5597-42A4-A0CF-BCF9CAA4160F} 2013-08-17 22:00 - 2013-08-17 22:00 - 00000000 ____D C:\Users\Dator\AppData\Local\{CEEB70B2-5597-42A4-A0CF-BCF9CAA4160F} 2013-08-17 21:59 - 2009-04-03 07:23 - 00000000 ____D C:\Users\Dator\Tracing 2013-08-17 05:18 - 2008-06-04 02:33 - 00045170 _____ C:\Users\Dator\AppData\Roaming\wklnhst.dat 2013-08-17 05:05 - 2009-04-16 22:28 - 00000000 ____D C:\Users\Dator\Documents\Mina skanningar 2013-08-17 05:02 - 2013-08-17 05:01 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{E409EE84-B070-4599-823B-CE07743C08EB} 2013-08-17 05:02 - 2013-08-17 05:01 - 00000000 ____D C:\Users\Dator\AppData\Local\{E409EE84-B070-4599-823B-CE07743C08EB} 2013-08-17 04:55 - 2008-06-04 09:37 - 00049664 _____ C:\Users\Dator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-08-17 04:55 - 2008-06-04 09:37 - 00049664 _____ C:\Users\Dator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-08-16 21:20 - 2011-06-20 23:20 - 10000023 _____ C:\ATsvcLog.txt.old 2013-08-16 17:14 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-08-16 17:07 - 2007-12-11 05:15 - 00611620 _____ C:\Windows\System32\perfh01D.dat 2013-08-16 17:07 - 2007-12-11 05:15 - 00123186 _____ C:\Windows\System32\perfc01D.dat 2013-08-16 17:07 - 2006-11-02 02:33 
- 01457454 _____ C:\Windows\System32\PerfStringBackup.INI 2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{797D8E19-CB93-4080-A9B4-4F2FB541AAF3} 2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\Users\Dator\AppData\Local\{797D8E19-CB93-4080-A9B4-4F2FB541AAF3} 2013-08-15 17:57 - 2013-08-15 17:57 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{0427F92F-CFF5-4E7B-8D1E-B3728F4AE33B} 2013-08-15 17:57 - 2013-08-15 17:57 - 00000000 ____D C:\Users\Dator\AppData\Local\{0427F92F-CFF5-4E7B-8D1E-B3728F4AE33B} 2013-08-15 17:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sv-SE 2013-08-14 17:48 - 2013-08-14 17:48 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{71BC6B42-C840-464F-A1DD-FB7FBB648D6B} 2013-08-14 17:48 - 2013-08-14 17:48 - 00000000 ____D C:\Users\Dator\AppData\Local\{71BC6B42-C840-464F-A1DD-FB7FBB648D6B} 2013-08-14 17:21 - 2013-08-14 17:16 - 00000000 ____D C:\Windows\System32\MRT 2013-08-14 17:16 - 2006-11-02 02:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe 2013-08-07 04:40 - 2008-06-24 01:28 - 00000000 ____D C:\Users\Dator\Documents\Nya ID 2013-08-05 03:30 - 2008-12-09 02:06 - 00000000 ____D C:\Users\Dator\Documents\Mina dokument 2013-08-05 03:18 - 2008-06-04 00:37 - 00017769 _____ C:\ProgramData\hpzinstall.log 2013-08-05 03:03 - 2008-06-04 00:37 - 00138843 _____ C:\Windows\hpoins18.dat 2013-08-05 01:33 - 2013-08-05 01:33 - 00000000 ____T C:\Users\Dator\Documents\10.0.0.2 2013-08-05 01:17 - 2008-06-04 01:17 - 00000000 ____D C:\Users\Dator\AppData\Roaming\Image Zone Express 2013-08-04 21:40 - 2013-08-04 21:40 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{31B6C25D-C2DC-4F87-83A7-30B6B30E67C5} 2013-08-04 21:40 - 2013-08-04 21:40 - 00000000 ____D C:\Users\Dator\AppData\Local\{31B6C25D-C2DC-4F87-83A7-30B6B30E67C5} 2013-08-04 05:57 - 2013-08-04 05:57 - 00000000 ____D C:\Users\Dator\Local Settings\Application 
Data\{B6442200-398E-438E-9F6C-C8E760FE8265} 2013-08-04 05:57 - 2013-08-04 05:57 - 00000000 ____D C:\Users\Dator\AppData\Local\{B6442200-398E-438E-9F6C-C8E760FE8265} 2013-07-31 23:05 - 2013-07-31 23:05 - 00000000 ____D C:\Users\Public\Documents\CrashDump 2013-07-31 23:05 - 2013-07-31 23:05 - 00000000 ____D C:\ProgramData\Documents\CrashDump 2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log 2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\Samsung 2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\Users\Dator\AppData\Local\Samsung 2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\ProgramData\Documents\NativeFus_Log 2013-07-31 23:01 - 2008-08-29 07:27 - 00000000 ____D C:\Users\Dator\AppData\Roaming\Samsung 2013-07-31 22:56 - 2013-07-31 22:56 - 00001783 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk 2013-07-31 22:56 - 2013-07-31 22:56 - 00001783 _____ C:\ProgramData\Desktop\Samsung Kies (Lite).lnk 2013-07-31 22:56 - 2013-07-31 22:56 - 00001773 _____ C:\Users\Public\Desktop\Samsung Kies.lnk 2013-07-31 22:56 - 2013-07-31 22:56 - 00001773 _____ C:\ProgramData\Desktop\Samsung Kies.lnk 2013-07-31 22:56 - 2013-07-31 22:56 - 00000000 ____D C:\Users\Dator\Documents\samsung 2013-07-31 22:53 - 2006-11-02 04:52 - 00068246 _____ C:\Windows\setupact.log 2013-07-31 22:52 - 2008-06-03 12:36 - 00000000 ____D C:\users\Dator 2013-07-31 22:50 - 2008-07-13 02:46 - 00000000 ____D C:\Program Files\Samsung 2013-07-31 22:49 - 2013-07-31 22:29 - 00000000 ____D C:\ProgramData\Samsung 2013-07-31 22:48 - 2013-07-31 22:48 - 00000000 ____D C:\Program Files\MyFree Codec 2013-07-31 22:33 - 2007-12-11 05:43 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-07-31 22:25 - 2009-05-17 09:55 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\Downloaded Installations 2013-07-31 22:25 - 2009-05-17 09:55 - 00000000 ____D C:\Users\Dator\AppData\Local\Downloaded 
Installations 2013-07-31 21:54 - 2013-07-31 21:54 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{FA69375D-8775-41B6-AE2C-712AE8A9CF81} 2013-07-31 21:54 - 2013-07-31 21:54 - 00000000 ____D C:\Users\Dator\AppData\Local\{FA69375D-8775-41B6-AE2C-712AE8A9CF81} 2013-07-30 00:38 - 2010-12-30 01:14 - 00000000 ____D C:\Users\Dator\AppData\Roaming\Personal 2013-07-29 23:34 - 2012-04-30 04:00 - 00000000 ____D C:\Users\Dator\AppData\Roaming\Intelli-studio 2013-07-29 01:28 - 2010-11-10 01:51 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-07-29 01:28 - 2008-11-30 23:41 - 00000000 ____D C:\ProgramData\HP Product Assistant 2013-07-29 01:28 - 2008-06-04 03:49 - 00000000 ____D C:\Users\Dator\AppData\Roaming\iid 2013-07-29 01:28 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool 2013-07-29 01:28 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc 2013-07-29 01:28 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration 2013-07-29 01:28 - 2006-11-02 02:22 - 53477376 _____ C:\Windows\System32\config\software_previous 2013-07-29 01:28 - 2006-11-02 02:22 - 18612224 _____ C:\Windows\System32\config\system_previous 2013-07-29 01:19 - 2006-11-02 02:22 - 41943040 _____ C:\Windows\System32\config\components_previous 2013-07-29 01:19 - 2006-11-02 02:22 - 00053248 _____ C:\Windows\System32\config\sam_previous 2013-07-29 01:14 - 2006-11-02 02:22 - 00524288 _____ C:\Windows\System32\config\default_previous 2013-07-29 01:14 - 2006-11-02 02:22 - 00262144 _____ C:\Windows\System32\config\security_previous 2013-07-28 00:14 - 2013-07-28 00:14 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{4B06ED7B-0BA6-4491-A8EC-7D712817CDB4} 2013-07-28 00:14 - 2013-07-28 00:14 - 00000000 ____D C:\Users\Dator\AppData\Local\{4B06ED7B-0BA6-4491-A8EC-7D712817CDB4} 2013-07-27 03:40 - 2013-07-27 03:40 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{5209729A-E0B2-4240-9A23-E6A52B97AC9A} 2013-07-27 03:40 - 2013-07-27 03:40 - 00000000 
____D C:\Users\Dator\AppData\Local\{5209729A-E0B2-4240-9A23-E6A52B97AC9A} 2013-07-24 18:40 - 2013-08-15 17:10 - 12334080 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-24 18:32 - 2013-08-15 17:10 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-24 18:30 - 2013-08-15 17:10 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-24 18:26 - 2013-08-15 17:10 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-24 18:26 - 2013-08-15 17:10 - 01104384 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-24 18:25 - 2013-08-15 17:10 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-07-24 18:24 - 2013-08-15 17:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll 2013-07-24 18:24 - 2013-08-15 17:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-24 18:23 - 2013-08-15 17:10 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-24 18:23 - 2013-08-15 17:10 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-24 18:23 - 2013-08-15 17:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-24 18:23 - 2013-08-15 17:10 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-07-24 18:23 - 2013-08-15 17:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-07-24 18:22 - 2013-08-15 17:10 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-24 18:22 - 2013-08-15 17:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-24 18:22 - 2013-08-15 17:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll ZeroAccess: C:\Users\Dator\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} Files to move or delete: ==================== C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe 
C:\ProgramData\dsgsdgdsgdsgw.pad ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-08-05 00:23:32 Restore point made on: 2013-08-08 23:51:50 Restore point made on: 2013-08-12 00:36:46 Restore point made on: 2013-08-14 17:02:55 Restore point made on: 2013-08-15 17:00:44 Restore point made on: 2013-08-16 17:02:42 Restore point made on: 2013-08-20 05:23:53 ==================== Memory info =========================== Percentage of memory in use: 24% Total physical RAM: 2037.4 MB Available physical RAM: 1538.07 MB Total Pagefile: 1788.11 MB Available Pagefile: 1610.7 MB Total Virtual: 2047.88 MB Available Virtual: 1968.21 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:139.61 GB) (Free:48.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (HP_RECOVERY) (Fixed) (Total:9.44 GB) (Free:2.94 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive f: () (Removable) (Total:0.98 GB) (Free:0.97 GB) FAT Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 149 GB) (Disk ID: FAA5FAA5) Partition 1: (Active) - (Size=140 GB) - (Type=07 NTFS) Partition 2: 
(Not Active) - (Size=9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 1000 MB) (Disk ID: 69737369) No partition Table on disk 1. LastRegBack: 2013-08-20 23:51 ==================== End Of Log ========